Cerby

With Cerby, you can now perform automated tasks even for the accounts you have saved in vaults with local encryption.

Automation was previously exclusive to workspaces with cloud vaults, leveraging server-side tasks performed by the Cerby bot. Now, this capability extends to accounts in local vaults, combining robust security with seamless efficiency to elevate your user experience.

Cerby implements the Zero Knowledge principles for accounts in local vaults through features such as <a href="https://help.cerby.com/en/articles/8142370-set-up-trusted-sessions-on-your-devices">trusted sessions on your devices</a> and <a href="https://help.cerby.com/en/articles/8376548-how-cerby-protects-your-data-with-cloud-and-local-encryption">local encryption for vaults</a> with workspace and user visibility. The goal is to minimize the blast radius of potential attacks and safeguard sensitive information.

<a href="https://help.cerby.com/en/articles/6263064-explore-the-supported-automated-tasks-for-your-managed-accounts">This article</a> lists the automated tasks Cerby can perform for your managed accounts with cloud encryption. The following are the automated tasks supported for accounts in local vaults:

Turn on multi-factor authentication (MFA) 

- Rotate passwords 
- Turn on multi-factor authentication (MFA) 

___________________________________________________________

Learn how automation works for accounts in local vaults

When you join Cerby and create a new workspace, the Cerby platform automatically generates a default cloud vault and its corresponding encryption keys. However, you can create additional local vaults to leverage a Zero Knowledge architecture. 

With the automated tasks supported in local vaults, you enhance security and ensure that exposure is limited and managed effectively, even during an attack.

The automated tasks for accounts in local vaults are executed as follows:

Your account is stored securely in a local vault.

When you trigger the automated task to rotate a password or turn on MFA, Cerby prompts you to confirm whether it's okay to temporarily use a cloud vault.

When you confirm this action, your local vault encryption key is <i>temporarily </i>shared with the cloud vault.

The Cerby bot performs the automated task using the account information from the cloud vault.

When the automated task is complete, the Cerby bot sends the final status (success or failure) back to the Cerby platform.

The Cerby platform then triggers the removal of the vault encryption key from the cloud vault, ensuring that your account's secrets are only stored locally again.

1. Your account is stored securely in a local vault.
2. When you trigger the automated task to rotate a password or turn on MFA, Cerby prompts you to confirm whether it's okay to temporarily use a cloud vault.
3. When you confirm this action, your local vault encryption key is <i>temporarily </i>shared with the cloud vault.
4. The Cerby bot performs the automated task using the account information from the cloud vault.
5. When the automated task is complete, the Cerby bot sends the final status (success or failure) back to the Cerby platform.
6. The Cerby platform then triggers the removal of the vault encryption key from the cloud vault, ensuring that your account's secrets are only stored locally again.

With the previous flow, Cerby guarantees the following:

Your account information is temporarily shared with the cloud vault only for the duration of the automated task.

Your key is not exposed to Cerby because we follow the Zero Knowledge principles at all times. Your information is encrypted, and we can’t access your encryption keys. The Cerby bot handles the entire process automatically and securely.

After completing the automated task, the cloud vault is cleaned up, and your information remains safe in your local vault.

- Your account information is temporarily shared with the cloud vault only for the duration of the automated task.
- Your key is not exposed to Cerby because we follow the Zero Knowledge principles at all times. Your information is encrypted, and we can’t access your encryption keys. The Cerby bot handles the entire process automatically and securely.
- After completing the automated task, the cloud vault is cleaned up, and your information remains safe in your local vault.

The following articles contain more information about automation for accounts in local vaults:

<a href="https://help.cerby.com/en/articles/11682768-manage-local-vault-assignments-for-an-account">Manage local vault assignments for an account</a>

<a href="https://help.cerby.com/en/articles/11682782-run-automated-tasks-for-accounts-in-local-vaults">Run automated tasks for accounts in local vaults</a>

- <a href="https://help.cerby.com/en/articles/11682768-manage-local-vault-assignments-for-an-account">Manage local vault assignments for an account</a>
- <a href="https://help.cerby.com/en/articles/11682782-run-automated-tasks-for-accounts-in-local-vaults">Run automated tasks for accounts in local vaults</a>

This article describes how automation works for your accounts in local vaults while ensuring zero-knowledge principles.

Explore automation for accounts in local vaults

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Explore automation for accounts in local vaults

Learn how automation works for accounts in local vaults

Related articles